Ask a Question

How do I troubleshoot email failures on a Network Management Card?

My Network Management Card or Network Management Card enabled product cannot not send any email notifications. (If it will send certain notifications but not others, please check your event notifications to see which are enabled/disabled).

The NMC can be configured to send email to up to four recipients when it encounters a problem or event selected by the user. The card does not have a local email server built in, as it relies on the user's email server to send the email. This document will explain what problems may arise when sending email and how to resolve (where possible) the issue. It should be remembered that the email is dependent on the user's email server, so even if the card says it has sent the email, it may not be received at the destination address.

This can be caused by one or multiple reasons including the NMC's mail server setting, DNS configuration, or network issues.

Resolution

Review the sections below to narrow down where the problem may lie. If you are unable to find a root cause, please download the event.txt, data.txt and config.ini from your Network Management Card and contact APC support. Instructions for downloading these required log files are located in article ID FA156131. In addition, please provide any other available details about your email server such as the type and version, server event logs, as well as any packet captures between the NMC device and mail server that you are able to retrieve.

Note: NMC1 devices do not support SMTP (email) authentication of any type.

For Local Email Server setting

In configuring the email for "local server," the first step is to enter the basic networking information if it is not already present (IP, subnet mask and gateway) and the DNS server information needs to be entered on the DNS configuration page. The user needs to know his/her email server's network name. Go to the send DNS test section and select query by FQDN. Enter the server name in the query question and press apply. If the DNS server information has not been entered, all DNS queries will fail. The user also needs to ensure both forward AND reverse DNS records are present on his DNS server for his or her email server.

If the DNS query fails, the user needs to check the DNS server information and ensure he/she has selected the correct query type. Also, check that the correct email server name is being used.

NMC2 devices with NMC v6.0.6 and higher should provide detailed error messages within the email test option as to why the email is not being sent.

For Recipients Email Server setting

This option allows the NMC to do a lookup on a remote domain's DNS server for an MX record. This option only tries once to relay the mail to the recipient's mail server after an MX record is found. Information on getting this option to work with popular external mail services such as Gmail, Yahoo!, and Hotmail is located in article ID FA164769.

The first step is to enter the basic networking information if it is not already present (IP, subnet mask and gateway) the DNS server information needs to be entered on the DNS configuration page.

The user needs to know his/her email server's network name. Go to the send DNS query section and select query by MX. Enter the server name in the query question and press apply. If the DNS server information has not been entered, all DNS queries will fail. The user also needs to ensure both forward AND reverse DNS records are present on his DNS server for his email server.

You can also use NSLOOKUP to check to see if the email server registered.

At a command prompt type NSLOOKUP. The system will respond with a default server name, the server IP and a > prompt.
At the > prompt enter the following as shown below:

>set type=mxthe system will respond with>enter the domain name of the server you require information on and press enter (in this example we will use apc.com)

> apc.com
Server: <dns server name>
Address: <dns server ip address>

The mail server host name and IP addresses will be listed with the MX preference. The entries we are looking for are the lines with MX preference = XX. You will generally use the lowest MX preference number for the email server. The most common reason for this method failing is the lack of a reverse DNS record in the DNS server for the mail server.

NMC2 devices with NMC v6.0.6 and higher should provide detailed error messages within the email test option as to why the email is not being sent.

Custom Server setting (NMC2 v6.0.6 and higher only)

This option allows the user to enter custom server information (server name, port, authentication information) per recipient, if needed. This is a recommended alternative to the Recipients server setting as it will allow you to specify information such as port number and SMTP authentication credentials since Recipients server setting does not provide that.

NMC2 Devices Only: Why was email notification working in NMC2 firmware v5.0.X and not in v5.1.X or v6.0.X?

NMC2 firmware 5.1.X allows for basic (plain text) SMTP authentication only. Check with your system administrator to determine whether the SMTP server supports authentication or not and what type is required. If authentication is required, navigate to Administration Tab->Notification-> Email->recipients, and click on the desired recipient. Ensure there are no typos in the email address. Enter the user name and password for the email account required by the SMTP server. As of AOS 5.1.5 and higher, the SMTP port number can be changed as well.

If authentication is not required, navigate to the Administration Tab-> Notification-> Email->recipients, and click on the desired recipient. Leave the "Password" and "Confirm Password" fields blank, then click "Apply." Doing this will null out the password field. If the password is null, the NMC won't try to authenticate with the SMTP server.

Beginning with NMC2 v6.0.6 and higher, SSL/TLS email authentication is required. If authentication is enabled, there are three available modes/options. If supported is the default setting and recommended if you're not sure what your mail server requires. Each mode is explained below and is configured within the Configuration->Notification->Email options within the web or can now be configured via the command line interface if desired.

If supported – The NMC will begin the SMTP conversation with the EHLO command and see if SSL/TLS is a supported option on the SMTP server. If supported, the NMC will use SSL/TLS. If unsupported, the email will be sent using basic (plain text) authentication.

Always – The NMC will begin the SMTP conversation with the EHLO command and ensure SSL/TLS is an available option reported by the SMTP server. The email will not be sent if authentication is not configured on the server and Always is selected.

Implicit – The NMC skips any SSL/TLS negotiations and enters immediately into a secured connection on a user specified port.

On NMC1 devices, if the server requires a username and password (SMTP authentication), the card will not be able to send email. You can test this by connecting to the email server using telnet over SMTP port 25 and see if it gives a username/password prompt. The event log will contain entries if the connection could not be established.

Once a connection is made, the NMC will attempt to send the email to the server. The email server must be configured to accept the From: address in the email field in most situations. Most servers will attempt to validate the address the email is coming from.